Vulnerabilities > Microsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-12-20 | CVE-2001-0542 | Buffer Overflow vulnerability in Microsoft SQL-Server 2000/7.0 Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. | 7.5 |
| 2001-12-17 | CVE-2001-1200 | Unspecified vulnerability in Microsoft Windows XP Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys. | 7.2 |
| 2001-12-14 | CVE-2001-0727 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | 7.5 |
| 2001-12-13 | CVE-2001-0874 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability. | 5.0 |
| 2001-12-11 | CVE-2001-1186 | Unspecified vulnerability in Microsoft Internet Information Services 5.0 Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection. | 5.0 |
| 2001-12-07 | CVE-2001-0951 | Unspecified vulnerability in Microsoft Windows 2000 Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters. | 5.0 |
| 2001-12-06 | CVE-2001-0860 | Unspecified vulnerability in Microsoft Windows 2000 and Windows XP Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. | 7.5 |
| 2001-12-06 | CVE-2001-0807 | Unspecified vulnerability in Microsoft Internet Explorer 5.0 Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file. | 2.6 |
| 2001-12-06 | CVE-2001-0726 | Unspecified vulnerability in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message. | 7.5 |
| 2001-12-06 | CVE-2001-0722 | Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0 Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." | 6.4 |